The invention relates to the general field of secure elements in which profiles can be stored, and in particular to the secure elements that are installed in terminals.
The invention applies in particular and in nonlimiting manner to secure elements of the embedded universal integrated circuit card (eUICC) type that are embedded in terminals.
Secure elements of the eUICC type are described in the GSMA—SGP.02 standard “Remote Provisioning Architecture for Embedded UICC Technical Specification”—Version 2.0. It may be observed that these elements can be used to replace a traditional subscriber identity module (SIM) card with a microcircuit that is installed in permanent manner in a terminal. Specifically, the functions of authentication with a mobile network operator (MNO) are performed in analogous manner by an eUICC and by a SIM card. eUICC elements differ from traditional UICC elements in that they include profiles making authentication possible with different mobile network operators. By way of indication, a device fitted with a secure element of this type may be sold with a so-called “provisioning” profile already stored in the secure element. The provisioning profile makes it possible subsequently to select a mobile network operator and to download a new profile corresponding to that mobile network operator. The downloading takes place from a security domain server known as a “Subscription Manager-Secure Routing” (SM-SR) server. eUICC elements are thus particularly suitable for communication between electronic devices in so-called “Machine to Machine” (M2M) communication in which it may be preferable for the secure element to be secured permanently, e.g. by soldering.
The infrastructures needed for managing profiles in eUICC elements comprise at least one mobile network operator, a “Subscription manager-Data Preparation” (SM-DP) server that encrypts the profiles downloaded by the eUICC element, an SM-SR security domain server, and finally the eUICC element itself.
In the present application, the concept of a “profile” should be interpreted broadly, i.e. as a data set comprising at least one file and/or data. A profile in the meaning of the invention may in particular comprise at least one element selected from:                a standard file as defined by the 3GPP or ETSI specifications for UICCs and their applications, and in particular by the standards 3GPP 31.102 and ETSI 102.221;        a proprietary file;        a configuration file of an operating system;        a Java Card application and associated personalization elements;        data such as transport protocol keys, authentication algorithm parameters, . . . .        
Specifically, an eUICC element includes a privileged security domain known as the Issuer Security Domain Root (ISD-P) configured to manage profiles and one or more security domains each known as an Issuer Security Domain-Profile (ISD-P) and each having a profile.
A security domain thus includes at least the same data as a profile (data and/or application), and it may be observed that a privileged security domain also includes encryption keys and applications. In the present application, by abuse of language, the term “privileged security domain” is used both for the memory zone that includes those keys and applications, and also for the software module that has functions of managing the security domain and that is obtained from the privileged security domain.
It has been observed that the provisioning profile is no longer used once a profile has been downloaded and has been activated, since its main function is to enable a profile to be downloaded.
Other profiles that are downloaded subsequently may also be for temporary use only. This applies to profiles that are limited to a duration (e.g. a limited consumption time), to a period (profile valid during a limited period), or indeed associated with limits on data transfer (data quota). Nevertheless, these profiles are all conserved by the eUICC secure element.
Also, each profile is associated with a pair of data items that are well known to the person skilled in the art namely the international mobile subscriber identity (IMSI) and the encryption key (Ki) Mobile network operators have only a limited number of IMSI/Ki pairs available to them.
Each unused profile that is stored in an eUICC element thus corresponds to an IMSI/Ki pair that is unused. That is disadvantageous for mobile network operators, who would like to be able to reuse IMSI/Ki pairs.
Storing unused profiles is also problematic given the quantity of memory that is occupied in an eUICC secure element by the unused profiles.
Such storage also raises problems of security since secret data belonging to mobile network operators is stored with the profiles.
Finally, if a large number of profiles are stored in an eUICC secure element, manual management of the profiles can become confused. Such confusion may appear if a user makes use of an interface in order to select one profile for activation from among all of the profiles stored in the secure element.
The invention seeks in particular to mitigate some of those drawbacks, and in particular to improve the processing of unused profiles stored in secure elements.